Inactive Computer system error

Status
Not open for further replies.
J

JRAGUILAR88

Posts: 7   +0
Message "Hard drive clusters are partly damaged" Virus?

--------------------------------------------------------------------------------

I believe my computer may be infected with something harmful. I don't pretend to know much about computers nor the difference between a virus, spyware, malware, etc but I am absolutely positive my computer is having a serious issue.

Here a just a few of the messages that have been popping up:

"Hard drive clusters are partly damaged"

"Windows OS can't detects a free hard drive space. hard drive error."

"Failed to save all the components for the file: //system32"

Aside from these messages, it appears that some sort of "scan" was run but I became suspicious when it was asking me to update the system by logging in credit card information to purchase new update. It is also telling me critical error and to run a system scan. I am a little suspicious because this all happened while I was using the internet and all of a sudden I got kicked off. I believe the same thing happened to candygirl one of your users (see former thread)

I a going to try your 5-step viruses/spyware/malware preliminary removal instructions. If my sytem needs restoring or scanning when i post the logs for you to read please let me know.

Also I get several pop-up windows at once with "Windows - Delayed Write Fail" The messages are "Failed to save all the components for file \\System32\many coded numbers with letters I also get another pop-up that states files indexation process failed message with these statements: " Indexation process failure may cause: -file may became unreadable -files and documents can be lost -operation system may slow down dramatically. To prevent possible damage to this PC follow recommendations. Recommendations: It's highly recommended to run file integrity checker now and resolve this issue." Followed by a link button "resolve this issue".
 
As with candygirl's situation, my computer was infected

Using the 5-step program provided by julio in this forum.

Here is the first my logs

Malwarebytes Anti-Malware log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.20.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Jennifer :: JENNIFER-PC [administrator]

1/20/2012 2:46:53 AM
mbam-log-2012-01-20 (02-46-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187550
Time elapsed: 27 minute(s), 16 second(s)

Memory Processes Detected: 2
C:\ProgramData\hbcVhKDrqeOuR.exe (Rogue.FakeHDD) -> 2460 -> Delete on reboot.
C:\ProgramData\Pfz7Va1Gy05XUK.exe (Rogue.FakeAlert) -> 4608 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hbcVhKDrqeOuR.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\hbcVhKDrqeOuR.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_Show MyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_Show Search (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\ProgramData\hbcVhKDrqeOuR.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\ProgramData\Pfz7Va1Gy05XUK.exe (Rogue.FakeAlert) -> Delete on reboot.
C:\Users\Jennifer\AppData\Local\Temp\malremtool.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\67AB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Local\Temp\h1Dzj7ZF9BPFGh.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Windows\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 
The next step # 3 the 5-step

I ran GMER file. here is the results.

GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-20 05:07:18
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C
Running: GMER.exe; Driver: C:\Users\Jennifer\AppData\Local\Temp\awldrkog.sys


---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\cpcxq.sys The system cannot find the path specified. !

---- EOF - GMER 1.0.15 ----
 
THE FINAL STEP (first part) for the 5-step program

Here are the files for the DDS application I ran.

dds.text

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Jennifer at 9:58:08 on 2012-01-20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.953.159 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee VirusScan *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Bandoo\Bandoo.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jennifer\AppData\Local\Temp\RtkBtMnt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Bandoo\BndCore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
uSearch Bar =
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {CBC7BE8D-196F-415E-AAE1-5ED6CFACA568} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: chase.com
Trusted Zone: chase.com\chaseonline
Trusted Zone: ed.gov\www.dl
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A9C20CC-7969-4314-ACD1-1C393038F889} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C966F92B-F884-40CE-8096-7E5FAFC26918} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-8-18 144704]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-20 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-20 314456]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-18 214024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-20 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-20 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-20 44768]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-18 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-5 94880]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-18 359952]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-9 116064]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-8-18 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-18 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-18 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-18 40552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-27 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-27 136176]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-18 34216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-20 07:45:21 -------- d-----w- c:\users\jennifer\appdata\roaming\Malwarebytes
2012-01-20 07:45:01 -------- d-----w- c:\programdata\Malwarebytes
2012-01-20 07:44:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-20 07:44:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-20 06:48:59 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-20 06:48:54 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-20 06:45:32 41184 ----a-w- c:\windows\avastSS.scr
2012-01-20 06:44:11 -------- d--h--w- c:\programdata\AVAST Software
2012-01-20 06:44:11 -------- d-----w- c:\program files\AVAST Software
2012-01-20 06:27:35 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ed7566a8-caa5-42a5-8054-1da68270d8b3}\mpengine.dll
2012-01-18 22:00:36 -------- d--h--w- c:\windows\system32\EventProviders
2012-01-12 04:58:44 -------- d-----w- c:\program files\OpenOffice.org 3
2012-01-12 04:56:47 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2012-01-12 04:54:07 -------- d-----w- c:\program files\licenses
2012-01-12 04:54:06 -------- d-----w- c:\program files\redist
2012-01-03 13:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-15 22:32:20 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56 222080 ---h--w- c:\windows\system32\MpSigStub.exe
2011-01-18 08:53:32 2994688 ----a-w- c:\program files\openofficeorg33.msi
2011-01-18 08:52:10 475016 ----a-w- c:\program files\setup.exe
.
============= FINISH: 9:59:30.76 ===============
 
THE FINAL STEP (second part) for the 5-step program

Here are the other files I ran for DDS application:

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2009 7:24:38 PM
System Uptime: 1/20/2012 7:23:27 AM (2 hours ago)
.
Motherboard: Acer | | Aspire 4730Z
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | uPGA-478 | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 40.398 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 59.222 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_01401025&REV_00\4&1F1C355F&0&03E4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_01401025&REV_00\4&1F1C355F&0&03E4
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_01401025&REV_00\4&1F1C355F&0&04E4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_01401025&REV_00\4&1F1C355F&0&04E4
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
101 Law Forms
Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer Mobility Center Plug-In
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
avast! Free Antivirus
Bandoo
Canon MP Navigator EX 1.0
Canon MX300 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
CarMD
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 22
Landlord Forms
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MyDSC2
OpenOffice.org 3.3
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/20/2012 9:06:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
1/20/2012 4:37:46 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
1/20/2012 4:36:31 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/20/2012 3:22:47 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jennifer-PC\Jennifer SID (S-1-5-21-4037835895-1194690988-3114022158-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/20/2012 3:19:25 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
1/20/2012 2:44:38 AM, Error: Service Control Manager [7022] - The Security Center service hung on starting.
1/20/2012 2:44:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
1/20/2012 2:42:11 AM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
1/20/2012 2:39:58 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
1/20/2012 2:33:44 AM, Error: EventLog [6008] - The previous system shutdown at 2:32:35 AM on 1/20/2012 was unexpected.
1/20/2012 2:19:16 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/20/2012 12:59:06 AM, Error: EventLog [6008] - The previous system shutdown at 12:58:16 AM on 1/20/2012 was unexpected.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk MPFP NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2012 12:57:01 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2012 12:55:37 AM, Error: EventLog [6008] - The previous system shutdown at 12:53:34 AM on 1/20/2012 was unexpected.
1/20/2012 1:16:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 00234D15819E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/20/2012 1:05:40 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/18/2012 5:10:22 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:20 PM on 1/18/2012 was unexpected.
1/16/2012 11:04:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/16/2012 11:04:17 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2012 11:04:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/15/2012 10:15:31 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_01401025&REV_00\4&1f1c355f&0&00E4) disappeared from the system without first being prepared for removal.
1/14/2012 9:55:50 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {6A972E27-93E2-4F98-8367-4101B2073814} as /. The error: "3" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
1/14/2012 9:53:20 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "3" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
1/14/2012 9:52:47 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
1/14/2012 9:50:57 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 126
.
==== End Of File ===========================
 
Concern after running 5-step program

After running the 5-step program for viruses/malware/spyware etc., I restarted my computer and don't see any of my icons on my desktop, except for the ones I added during the 5-step and computer, network, and recycle bin.

I also checked on all my Word files, downloaded Adobe files and don't see any of them anywhere.

Could they be hidden and how do I unhide them?

And if they are not hidden and crashed right after my computer system acting up after a virus attack, how do I restore them? Am I able to restore them and if so, will I run the risk of re-infecting my PC?

Thank you for time and help.
 
I'm going to delete your second thread about this same problem, Please keep all information on this thread, I will return to review the logs.

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
 
Restoring Old Files

when my computer crashed with a virus and spyware (see computer system thread #5), all my word files on there before were deleted.

How do I recover them? Have they been deleted permanently or destroyed by the virus?
 
Please note: I will be Offline on Wednesday, 2/8 and Thursday, 2/9. When I return on Friday, 2/10, I will pick up the oldest threads first.
 
I've had no logs for 3 weeks. It's possible the the malware just hid the files. See if this restores them:
Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note 1: This does not remove the malware- only the attribute causing the 'missing' problem.So it is important for you to continue.

If you want to continue:
Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scan option is selected and then click on the Scan button.
When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
=======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Status
Not open for further replies.

Similar threads

midian182
Recent high-end Intel CPUs are crashing Unreal Engine games
Replies
24
Views
565
GrumpyOldGamer
G
A
A weird storage bug in Android 14 is locking users out of their phones
Replies
4
Views
294
maxxcool7421
M
K
Question Assistance Needed for HPE DL30 Proliant Server Error Codes
Replies
0
Views
614
KJ707
K

Latest posts

Back